package com.wangrui.config;


import com.wangrui.service.SchoolService;
import com.wangrui.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

//@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserService userService;

    @Autowired
    private SchoolService schoolService;

    //定制请求的授权规则
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().antMatchers("/error/**").permitAll()
                .antMatchers("/user/**").hasRole("[1]")
                .antMatchers("/school/**").hasRole("[1]")
                .antMatchers("/main/**").hasRole("[1]")
                .antMatchers("/save.html").hasRole("[1]")
                .antMatchers("/main.html").hasRole("[1]");
        //开启自动配置的登录功能：如果没有权限，就会跳转到登录页面！
        // /login 请求来到登录页
        // /login?error 重定向到这里表示登录失败
        http.csrf().disable();//关闭csrf功能:跨站请求伪造,默认只能通过post方式提交
        http.formLogin()
                .usernameParameter("username")
                .passwordParameter("password")
                .loginPage("/toLogin")
                .loginProcessingUrl("/login")// 登陆表单提交请求*/
                .defaultSuccessUrl("/update.html",true); //.successForwardUrl("/save.html") 添加之后405

        //开启自动配置的注销的功能
        http.logout().logoutSuccessUrl("/");
        //记住我
        http.rememberMe().rememberMeParameter("remember");
    }

    //定义认证规则
  /*  @RequestMapping(value = "/login",method = RequestMethod.GET)*/
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws
            Exception {
//在内存中定义，也可以在jdbc中去拿....
//Spring security 5.0中新增了多种加密方式，也改变了密码的格式。
//要想我们的项目还能够正常登陆，需要修改一下configure中的代码。我们要将前端传过来的密码进行某种方式加密

//spring security 官方推荐的是使用bcrypt加密方式。

        auth.inMemoryAuthentication()
                .passwordEncoder(
                new BCryptPasswordEncoder()).withUser("root").password(
                new BCryptPasswordEncoder().encode("123456")).roles("[1]");


    }
}
